improved isset() calls

fixed @returns at validateDpop add $this->markTestSkipped for 3 tests that are probably incorrect
pdsinterop · Sep 29, 2022 · bc9e227 · bc9e227
1 parent 961a2b9
commit bc9e227
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 16 deletions.
diff --git a/src/Utils/DPop.php b/src/Utils/DPop.php
@@ -114,21 +114,22 @@ public function makeJwkThumbprint($jwk) {
 		if (!$jwk || !isset($jwk['kty'])) {
 			throw new InvalidTokenException('JWK has no "kty" key type');
 		}
+		// https://www.rfc-editor.org/rfc/rfc7517.html#section-4.1
+		// and https://www.rfc-editor.org/rfc/rfc7518.html#section-6.1
 		if (!in_array($jwk['kty'], ['RSA','EC'])) {
 			throw new InvalidTokenException('JWK "kty" key type value must be one of "RSA" or "EC", got "'.$jwk['kty'].'" instead.');
 		}
-		if ($jwk['kty']=='RSA') {
-			if (!isset($jwk['e']) || !isset($jwk['n'])) {
+		if ($jwk['kty']=='RSA') { // used with RS256 alg
+			if (!isset($jwk['e'], $jwk['n'])) {
 				throw new InvalidTokenException('JWK values do not match "RSA" key type');
 			}
 			$json = vsprintf('{"e":"%s","kty":"%s","n":"%s"}', [
 				$jwk['e'],
 				$jwk['kty'],
 				$jwk['n'],
 			]);
-
-		} else { //EC
-			if (!isset($jwk['crv']) || !isset($jwk['x']) || !isset($jwk['y'])) {
+		} else { // EC used with ES256 alg 
+			if (!isset($jwk['crv'], $jwk['x'], $jwk['y'])) {
 				throw new InvalidTokenException('JWK values doe not match "EC" key type');
 			}
 			//crv, kty, x, y
@@ -219,7 +220,7 @@ public function validateIdTokenDpop($token, $dpop, $request) {
 	 * @param string $dpop The DPOP token
 	 * @param ServerRequestInterface $request Server Request
 	 *
-	 * @return bool True if the DPOP token is valid, false otherwise
+	 * @return bool True if the DPOP token is valid
 	 *
 	 * @throws RequiredConstraintsViolated
 	 * @throws InvalidTokenException

diff --git a/tests/unit/Utils/DPOPTest.php b/tests/unit/Utils/DPOPTest.php
@@ -349,7 +349,6 @@ final public function testGetWebIdWithDpopWithoutKeyId(): void
         $this->dpop['payload']['jti'] = 'mock jti';
         $this->dpop['payload']['sub'] = self::MOCK_SUBJECT;
 
-
         $dpopToken = $this->sign($this->dpop);
 
         $mockJtiValidator = $this->createMockJtiValidator();
@@ -374,16 +373,15 @@ final public function testGetWebIdWithDpopWithoutKeyId(): void
 
     /**
      * @testdox Dpop SHOULD complain WHEN asked to get WebId from Request with valid DPOP without Confirmation Claim
-     * why? which spec?
      * @covers ::getWebId
      *
      * @uses \Pdsinterop\Solid\Auth\Utils\DPop::getDpopKey
      * @uses \Pdsinterop\Solid\Auth\Utils\DPop::validateDpop
      * @uses \Pdsinterop\Solid\Auth\Utils\DPop::validateJwtDpop
      */
-/*    
     final public function testGetWebIdWithDpopWithoutConfirmationClaim(): void
     {
+        $this->markTestSkipped('Skipped untill we find a spec that requires this');
         $this->dpop['header']['jwk'][JwkParameter::KEY_ID] = self::MOCK_THUMBPRINT;
         $this->dpop['payload']['jti'] = 'mock jti';
         $this->dpop['payload']['sub'] = self::MOCK_SUBJECT;
@@ -409,19 +407,18 @@ final public function testGetWebIdWithDpopWithoutConfirmationClaim(): void
 
         $dpop->getWebId($request);
     }
-*/
+
     /**
      * @testdox Dpop SHOULD complain WHEN asked to get WebId from Request with valid DPOP without JWT Key Thumbprint
-     * why? which spec?
      * @covers ::getWebId
      *
      * @uses \Pdsinterop\Solid\Auth\Utils\DPop::getDpopKey
      * @uses \Pdsinterop\Solid\Auth\Utils\DPop::validateDpop
      * @uses \Pdsinterop\Solid\Auth\Utils\DPop::validateJwtDpop
      */
-/*
     final public function testGetWebIdWithDpopWithoutThumbprint(): void
     {
+        $this->markTestSkipped('Skipped untill we find a spec that requires this');
         $this->dpop['header']['jwk'][JwkParameter::KEY_ID] = self::MOCK_THUMBPRINT;
         $this->dpop['payload']['cnf'] = [];
         $this->dpop['payload']['jti'] = 'mock jti';
@@ -446,19 +443,18 @@ final public function testGetWebIdWithDpopWithoutThumbprint(): void
 
         $dpop->getWebId($request);
     }
-*/
+
     /**
      * @testdox Dpop SHOULD complain WHEN asked to get WebId from Request with valid DPOP with Thumbprint not matching Key Id
-     * why? which spec?
      * @covers ::getWebId
      *
      * @uses \Pdsinterop\Solid\Auth\Utils\DPop::getDpopKey
      * @uses \Pdsinterop\Solid\Auth\Utils\DPop::validateDpop
      * @uses \Pdsinterop\Solid\Auth\Utils\DPop::validateJwtDpop
      */
-/*
     final public function testGetWebIdWithDpopWithMismatchingThumbprintAndKeyId(): void
     {
+        $this->markTestSkipped('Skipped untill we find a spec that requires this');
         $this->dpop['header']['jwk'][JwkParameter::KEY_ID] = self::MOCK_THUMBPRINT . 'Mismatch';
         $this->dpop['payload']['cnf'] = ['jkt' => self::MOCK_THUMBPRINT];
         $this->dpop['payload']['jti'] = 'mock jti';
@@ -483,7 +479,6 @@ final public function testGetWebIdWithDpopWithMismatchingThumbprintAndKeyId(): v
 
         $dpop->getWebId($request);
     }
-*/
 
     /**
      * @testdox Dpop SHOULD complain WHEN asked to get WebId from Request with valid DPOP without "sub"